Display System Log Files
Use Feature Explorer to confirm platform and release support for specific features.
Review the Platform-Specific System Logging Behavior section for notes related to your platform.
Display a Log File from a Single-Chassis System
To display a log file stored on a single-chassis system, enter Junos OS CLI operational mode and issue either of the following commands:
user@host> show log log-filename user@host> file show log-file-pathname
By default, the commands display the file stored on the local
Routing Engine. To display the file stored on a particular Routing
Engine, prefix the file or pathname with the string re0
or re1
and a colon.
The following examples both display the /var/log/messages file stored on the Routing Engine in slot 1:
user@host> show log re1:messages user@host> file show re1:/var/log/messages
For information about the fields in a log message, see Interpreting Messages Generated in Standard Format by a Junos OS Process or Library, Interpreting Messages Generated in Standard Format by Services on a PIC, and Interpreting Messages Generated in Structured-Data Format. For examples, see Log File Sample Content.
Log File Sample Content
This topic contains sample content from the /var/log directory. You can display the contents of the /var/log/messages file stored on the local Routing Engine. (The /var/log directory is the default location for log files, so you do not need to include it in the filename. The messages file is a commonly configured destination for system log messages.)
In Junos OS Evolved, the messages file is only written on the primary Routing Engine. Backup Routing Engine messages are found in the messages file on the primary Routing Engine.
user@host> show log messages Apr 11 10:27:25 router1 mgd[3606]: UI_DBASE_LOGIN_EVENT: User 'barbara' entering configuration mode Apr 11 10:32:22 router1 mgd[3606]: UI_DBASE_LOGOUT_EVENT: User 'barbara' exiting configuration mode Apr 11 11:36:15 router1 mgd[3606]: UI_COMMIT: User 'root' performed commit: no comment Apr 11 11:46:37 router1 mib2d[2905]: SNMP_TRAP_LINK_DOWN: ifIndex 82, ifAdminStatus up(1), ifOperStatus down(2), ifName at-1/0/0
You can display the contents of the file /var/log/processes, which has been previously configured to include messages from the daemon
facility. When issuing the file show
command,
you must specify the full pathname of the file:
user@host> file show /var/log/processes Feb 22 08:58:24 router1 snmpd[359]: SNMPD_TRAP_WARM_START: trap_generate_warm: SNMP trap: warm start Feb 22 20:35:07 router1 snmpd[359]: SNMPD_THROTTLE_QUEUE_DRAINED: trap_throttle_timer_handler: cleared all throttled traps Feb 23 07:34:56 router1 snmpd[359]: SNMPD_TRAP_WARM_START: trap_generate_warm: SNMP trap: warm start Feb 23 07:38:19 router1 snmpd[359]: SNMPD_TRAP_COLD_START: trap_generate_cold: SNMP trap: cold start
You can display the contents of the file /var/log/processes when the explicit-priority
statement is included at the
[edit system syslog file processes
] hierarchy level:
user@host> file show /var/log/processes Feb 22 08:58:24 router1 snmpd[359]: %DAEMON-3-SNMPD_TRAP_WARM_START: trap_generate_warm: SNMP trap: warm start Feb 22 20:35:07 router1 snmpd[359]: %DAEMON-6-SNMPD_THROTTLE_QUEUE_DRAINED: trap_throttle_timer_handler: cleared all throttled traps Feb 23 07:34:56 router1 snmpd[359]: %DAEMON-3-SNMPD_TRAP_WARM_START: trap_generate_warm: SNMP trap: warm start Feb 23 07:38:19 router1 snmpd[359]: %DAEMON-2-SNMPD_TRAP_COLD_START: trap_generate_cold: SNMP trap: cold start
Warning Message Support for Throughput Overuse:
The device supports up to 20 Gbps and 7 Mpps of Internet mix (IMIX) firewall performance. When
IMIX throughput exceeds these limits, new log messages are generated. These log messages serve
as reminders that throughput overuse is occurring. You can see the following sample log messages
when you issue the show log messages
command.
user@host> show log messages Apr 25 14:01:12 user Throughput exceed 20Gbps and 7Mpps in 35% of last 15 minutes, above the time threshold 10%! Apr 25 14:16:12 user Throughput exceed 20Gbps and 7Mpps in 95% of last 15 minutes, above the time threshold 10%!
As a reminder of throughput overuse, every 15 minutes the system calculates how many minutes the throughout has exceeded 20 Gbps and 7 Mpps. The system triggers a log message if the throughput has exceeded more than 1 minute, 30 seconds (10%) of the last 15 minutes. For example, suppose you see the following log message:
Throughput exceed 20 Gbps and 7 Mpps in 35% of last 15 minutes, above the time threshold 10%!
It means your throughput has exceeded 20 Gbps and 7 Mpps for 5 minutes, 15 seconds of the last 15 minutes (35% of 15 minutes) that triggered the log message.
To turn off this log message, we recommend that you bring down the throughput level below 20 Gbps and 7 Mpps or install the enhanced performance upgrade license.
This feature requires a license. Please refer to the Juniper Licensing Guide for general information about License Management. Please refer to the product Data Sheets at SRX Series Services Gateways for details, or contact your Juniper Account Team or Juniper Partner.
Display MD5 Log Files
On Junos OS,
When MD5 configured on local but not on peer device,
Apr 16 21:49:52 R1_re kernel: tcp_auth_ok: Packet from 2.2.2.2:52848 missing MD5 digest
When MD5 configured on peer but not on local device,
Apr 16 21:51:30 R1_re kernel: tcp_auth_ok: Packet from 2.2.2.2:54049 unexpectedly has MD5 digest
When MD5 is configured on both the routers and there is authentication password mismatch, the following log is displayed:
Apr 16 21:51:58 R1_re kernel: tcp_auth_ok: Packet from 2.2.2.2:54049 wrong MD5 digest
On Junos OS Evolved,
When TCP MD5 authentication is configured on local but not on peer device, the log messages are not available.
When TCP MD5 authentication is configured on peer but not on local device, the log messages are not available.
When MD5 is configured on both the routers and there is authentication password mismatch, the following log is displayed:
Apr 16 21:41:22 vScapa1-RE0-re0 kernel: %KERN-6-TCP: MD5 Hash failed for (2.2.2.2, 39213)->(1.1.1.1, 179)